My question is: does a stealth port imply a closed port? (I'm betting not, I always thought it was simply something to stop port scanning ... something which however fails at this)
Last edited by H_TeXMeX_H; 12-01-2008 at 02:19 PM.
If I understand correctly, a stealth port does not necessarily imply a closed port. My understanding:
A stealth port does not respond to any query. A closed port responds (Yes! I'm here!) but only allows traffic that is initiated or allowed from the host. For example, a closed SSH port will respond and allow traffic only by using the appropriate password or key (the correct password or key basically initiates traffic from the inside). A stealth SSH port will not respond to any query and the outside user must know the port number to get through.
Determine the status of your system's first 1056 ports
This Internet service ports "grid scan" determines the status — Open, Closed, or Stealth — of your system's first 1056 TCP ports.
32 ports, represented by each horizontal row, are probed as a group. The results are posted as the next set of ports are probed.
During off-peak hours the entire scan requires just over one minute.
For guaranteed accuracy, the scanning time will increase during peak usage when many people are sharing our scanning bandwidth.
A scan of a stealthed system is up to four times slower since many more probes must be sent to guarantee against Internet packet loss.
The test may be abandoned at any time if you do not wish to wait for the scan to finish.
You may hover your mouse cursor over any grid cell to determine which port it represents, or click on the cell to jump to the corresponding Port Authority database page to learn about the port's specific role, history, and security consequences. (Depress SHIFT when clicking to open new window and allow unfinished test to continue.)
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
Not a real good indicator but does give you a fair test. There are ways to get into the system but I will not expose as per the LQ rules. A user can search on the Internet and get enough information to do a lot of harm.
My question is: does a stealth port imply a closed port? (I'm betting not, I always thought it was simply something to stop port scanning ... something which however fails at this)
Explanation:
Quote:
If your system is unprotected, without any personal firewall or NAT router, any ports showing as stealth are being blocked somewhere between your computer and the public Internet. This is probably being done by your ISP. Internet traffic directed to your computer at the stealth ports will be dropped before reaching your machine.
Hmm, I see. So if a port is stealth it will simply drop all incoming packets and not respond to any probes. I guess so will a closed port, but the difference is that a closed port will respond to probes saying that it is closed. Right?
Yes, basically you're right. But stealth being overrated [1][2][3] I would really love to see this discussion adopt a broader view of things again. There's some snippets already:
Quote:
Originally Posted by H_TeXMeX_H
firewalls that come with many routers are typically poorly configured and cannot be easily configured properly. But, if you have a good router, then indeed it would be better to configure that one properly.
# single point of failure: not relying on one level of measures.
Quote:
Originally Posted by onebuck
Good security habits are still necessary even with Linux.
# awareness: security being a continuous effort not single shot.
Quote:
Originally Posted by jdvail
Don't log in as root unless you need to, and definitely don't use your browser as root (same applies to any accounts with root-like powers)
# knowledge: knowing how to properly and responsibly operate a system.
In the end IMHO a lot of problems are not with software but wetware. Most of systems hardening and auditing is just following the rulebook, using common sense, reiteration. While "cyber crimes" as the OP said, "cyber theft" or whatever you want to call it is part susceptibility of software it more importantly is that of users. Education will combat ignorance but even if we have phishing checks and whatnot, no software will fix stupidity.
It's not just stupidity. Social engineering gets a lot of people to expose themselves to identity theft via the web, mail or personal contact. Trust has been a way for a thief to get what people have via deception. You need to keep the honest people honest. But the thief will always try to get what you have so one must stay one step ahead of that type. The malware problem shows us how a lot of people fall into this type of trap.
Yes, you can fall into the security blanket trap with one size fits all. You must stay abreast with all the necessary tools to allow the system(s) to service the needs. Call it wetware but I call it common sense. Not enough common sense is being used today to rid us of the problem.
Stealth ports are also better for another reason. Certain network attacks can use your system to generate traffic to a victim if your system is responding to incoming data, even if that response is a denial. A prime example is a Smurf attack. Your system doesn't even need to be compromised to be used in a Smurf attack. (One example; there are variations of this.)
If your box were completely stealthed and dropping those invalid incoming packets and not responding to them or to pings, your system could not be used in that type or a variation of this type of attack.
I typically set my firewall rules to 'Drop' rather than to 'Deny' when possible for that reason. Also, a Deny gives an immediate response, whereas with a Drop the attacker / scanner has to wait to time out for lack of a response, making his scan slower.
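Added example, not part of the original thread: a small Python check you can point at your own host to see which of the three states discussed above (open, closed, stealth) a TCP port presents, and how long the answer takes, which is the Drop versus Deny timing difference from the last post. The names `classify_port` and `loopback_demo` are made up for this illustration, and the loopback ports are constructed sample input.

```python
import socket
import time


def classify_port(host, port, timeout=2.0, connector=socket.create_connection):
    """Return (state, seconds) for one TCP connect attempt.

    open    -> handshake completed, a service is listening
    closed  -> connection refused: the host (or a reject/"deny" rule)
               answered with a TCP RST
    stealth -> nothing came back before the timeout: the packet was dropped
    """
    start = time.monotonic()
    try:
        conn = connector((host, port), timeout=timeout)
    except ConnectionRefusedError:
        state = "closed"
    except (socket.timeout, TimeoutError):
        state = "stealth"
    except OSError:
        # Local or routing failure; says nothing reliable about the port.
        state = "error"
    else:
        conn.close()
        state = "open"
    return state, time.monotonic() - start


def loopback_demo(timeout=1.0):
    """Constructed sample: one listening and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # kernel picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # nothing listens here any more
    try:
        return {
            "open": classify_port("127.0.0.1", open_port, timeout),
            "closed": classify_port("127.0.0.1", closed_port, timeout),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for name, (state, secs) in loopback_demo().items():
        print(f"{name:7s} -> {state:7s} in {secs:.3f}s")
```

A port behind a Drop rule will come back as `stealth` only after the full timeout has elapsed, while a closed or denied port answers almost immediately.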